Millions of Americans now fall within government’s digital dragnet

DCoded: Scale of digital snooping finally becomes a political issue.

This post is part of our "DCoded" series, a partnership with the Center for Democracy & Technology in Washington, DC. Each installment provides a look at the most important bills, regulations, and think tankery on issues that will affect your Internet and mobile experience.

Will government surveillance finally become a political issue for middle-class Americans?

Until recently, average Americans could convince themselves they were safe from government snooping. Yes, the government engaged in warrantless wiretaps, but those were directed at terrorists. Yes, movies and TV shows featured impressive technology, with someone’s location highlighted in real time on a computer screen, but such capabilities were used only to track drug dealers and kidnappers.

Figures released earlier this month should dispel that complacency. It’s now clear that government surveillance is so widespread that the chances of the average, innocent person being swept up in an electronic dragnet are much higher than previously appreciated. The revelation should lead to long overdue legal reforms.

The new figures, resulting from a Congressional inquiry, indicate that cell phone companiesresponded last year to at least 1.3 million government requests for customer data—ranging from subscriber identifying information to call detail records (who is calling whom), geolocation tracking, text messages, and full-blown wiretaps.

Almost certainly, the 1.3 million figure understates the scope of government surveillance. One carrier provided no data. And the inquiry only concerned cell phone companies. Not included were ISPs and e-mail service providers such as Google, which we know have also seen a growing tide of government requests for user data. The data released this month was also limited to law enforcement investigations—it does not encompass the government demands made in the name of national security, which are probably as numerous, if not more. And what was counted as a single request could have covered multiple customers. For example, an increasingly favorite technique of government agents is to request information identifying all persons whose cell phones were near a particular cell tower during a specific time period—this sweeps in data on hundreds of people, most or all of them entirely innocent.

How did we get to a point where communications service providers are processing millions of government demands for customer data every year? The answer is two-fold. The digital technologies we all rely on generate and store huge amounts of data about our communications, our whereabouts and our relationships. And since it’s digital, that information is easier than ever to copy, disclose, and analyze. Meanwhile, the privacy laws that are supposed to prevent government overreach have failed to keep pace. The combination of powerful technology and weak standards has produced a perfect storm of privacy erosion.

Of course, police and other government investigators have legitimate needs for electronic evidence, and citizens enjoy huge benefits from new technologies. We don’t want to deprive law enforcement of the tools it needs, and we don’t want to give up our technology. The only solution is to ensure that the government’s use of these tools is carefully focused. The best way to do that is to follow the standard in the Constitution and require the government to get a warrant from a judge before intruding in our lives.

The problem is that the courts, in cases that are decades old, ruled that information held by a third party, such as a wireless carrier, was not covered by the Constitution’s warrant requirement. And the statute that sets standards for government monitoring of cell phones and online communications, the Electronic Communications Privacy Act (ECPA), was written in 1986, when mobile phones were the size of bricks and Facebook and Google didn’t exist. ECPA says that the government can obtain a wide range of information, including text messages and e-mail, with only a subpoena, issued without a judge’s approval. This is a much lower standard than requiring a warrant.

Changes brewing?

We clearly have a long way to go to reclaim our privacy, but there are some encouraging developments from DC. Last January, the Supreme Court ruled in US v. Jones that the use of a GPS device to track a person’s vehicle over an extended period of time constitutes a search under the Constitution and therefore generally requires a warrant issued by a judge. And one federal appeals court has held that the government must get a warrant before reading stored text messages or e-mail.

In addition, a broad coalition of companies, think tanks, and advocacy groups from across the political spectrum has been urging Congress to reform ECPA.

There's also some movement in Congress, where a group of lawmakers has introduced the GPS Act (S.1212 in the Senate and H.R.2168 in the House) to require that government agents get a warrant from a judge in order to track people using their mobile phones. The GPS Act offers the rare chance to find bipartisan consensus—both Republicans and Democrats have come out in support of the act.

Up to now, persistent lobbying from the Justice Department and a lack of outcry from the public have left Congress with little incentive to act. But the revelation that millions of Americans are falling within a digital dragnet may be the spark needed to make this an issue that resonates with the middle class.